Cybercriminals are burrowing deeper into telecom networks and striking harder than ever before. Nokia’s 11th Annual Threat Intelligence Report, unveiled at Mobile World Congress 2024, paints a sobering picture: stealthy intrusions in the telecom core and terabit-scale DDoS attacks are no longer rare events — they’re daily battles.

Telecom Core Under Siege

The report underscores a sharp rise in targeted intrusions against core telecom systems — subscriber databases, lawful interception platforms, and network management tools. Many campaigns, like the Salt Typhoon operation, remain hidden for years, using so-called “living off the land” techniques. Instead of deploying flashy malware, attackers repurpose trusted tools already inside the network to move silently.

The statistics are staggering:

• 63% of operators faced at least one such intrusion last year.
• 32% reported four or more incidents.

These aren’t quick smash-and-grab jobs. They’re slow-burn infiltrations that cost operators millions in data loss, regulatory fallout, and system remediation. As one North American CISO told Nokia researchers:

“Some of these entry points were planted years ago, just waiting for the right moment to trigger.”

DDoS at Record-Breaking Scale

If stealth defines the core intrusions, brute force defines today’s DDoS landscape. Nokia highlights that terabit-scale DDoS floods are now daily occurrences, up from once every five days just a year ago. Even more worrying, these attacks are getting shorter and more destructive: nearly 80% last under five minutes — yet deliver peaks of 5–10 Tbps that can cripple services instantly.

The fuel? Residential broadband. With over 100 million home internet connections exploited for bandwidth abuse, attackers can assemble vast botnets at unprecedented speeds.

“Industrialized attack tools and insecure IoT devices have made DDoS not just a nuisance, but a systemic risk,”

warns Jeff Smith, VP and GM of Nokia Deepfield.

AI, ML, and the Quantum Clock

To fight back, operators are doubling down on AI-driven defenses. More than 70% of telecom security leaders now rank AI/ML-powered threat detection as a top investment, and over half plan to deploy such systems within the next 18 months.

But the horizon holds another challenge: quantum computing. By 2029, Nokia estimates that digital certificate lifespans could shrink from over a year to just 47 days. The industry will need to embrace crypto-agility — the ability to swap out encryption methods on the fly — or risk having today’s strongest locks picked by tomorrow’s quantum keys.

People, Not Just Machines, Still the Weak Link

Technology alone isn’t the cure. The report shows that insider mistakes, weak access controls, and unpatched systems account for nearly 60% of telecom breaches. In other words, even the most advanced AI won’t stop a misconfigured firewall or an engineer with too much unchecked access.

Where Nokia Stands in the Global Fight

Nokia isn’t alone in sounding the alarm. Rival vendors like Ericsson and Huawei have also flagged rising telecom vulnerabilities, but Nokia’s framing — blending AI defenses with quantum-safe readiness — aligns closely with what analysts at Gartner and ENISA (the EU’s cybersecurity agency) are forecasting. The global market is already shifting: AT&T recently expanded its AI-based threat detection partnerships, while Orange Cyberdefense has launched quantum-encryption trials in Europe.

For operators, the message is clear. Cyberattacks on telecom infrastructure are not outliers—they’re the new baseline. The winners in this new landscape will be those who not only detect threats faster but also adapt their networks for a post-quantum world.